From: John Case
Date: Wed, 1 Oct 2014 21:23:17 +0000 (UTC)
To: freebsd-questions@freebsd.org
Subject: Locked out of FreeBSD EC2 image - trying to figure out why ...

I added this ipfw line to my EC2 image and then rebooted it, and am unable to connect over the network now:

    deny ip from 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 to any
    deny ip from 0.0.0.0/8,169.254.0.0/16,192.0.2.0/24,224.0.0.0/4,240.0.0.0/4 to any

The private IP that my instance uses is in the 172.31.xx.xx block, so is it my blocking of 172.16.0.0/12 that is causing the problem?

I assigned a fixed "elastic" IP to the instance in the hopes that Amazon would fire up the instance and give it that *real* IP when it dhcp'd an address, but that doesn't seem to be the case. Is there any way to force Amazon to give it a real IP so I can log into this system?

Thanks.
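
The question in the message above, worked through as an added example (not part of the original post): the two quoted rules are parsed and checked against the source address of a few packets. Neither rule carries an in/out or interface qualifier, so ipfw applies them to traffic in both directions, including packets the instance itself sends. The instance address 172.31.5.10 and client address 203.0.113.7 are constructed, and only these two rules are modelled; the rest of the ruleset is assumed to allow the traffic.

```python
import ipaddress

# The two rules exactly as quoted in the message above.
RULES = [
    "deny ip from 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 to any",
    "deny ip from 0.0.0.0/8,169.254.0.0/16,192.0.2.0/24,224.0.0.0/4,240.0.0.0/4 to any",
]

def parse_rule(text):
    """Parse 'deny ip from <cidr,cidr,...> to any' into (action, [networks])."""
    words = text.split()
    if words[1:3] != ["ip", "from"] or words[4:] != ["to", "any"]:
        raise ValueError("only the rule shape quoted in the message is handled: " + text)
    nets = [ipaddress.ip_network(c) for c in words[3].split(",")]
    return words[0], nets

def first_match(src, rules=RULES):
    """Return (rule_number, matching_network) for the first rule whose source
    list contains src, or None. The rules name no direction or interface, so
    the same check applies to packets entering and leaving the host."""
    addr = ipaddress.ip_address(src)
    for number, text in enumerate(rules, start=1):
        _action, nets = parse_rule(text)
        for net in nets:
            if addr in net:
                return number, str(net)
    return None

# Constructed sample packets: (description, source address).
INSTANCE = "172.31.5.10"   # constructed; the message gives only 172.31.xx.xx
CLIENT = "203.0.113.7"     # constructed client address (documentation range)
PACKETS = [
    ("inbound SSH SYN from client", CLIENT),
    ("outbound SSH SYN-ACK from instance", INSTANCE),
    ("reply from EC2 metadata service", "169.254.169.254"),
]

def report():
    return [(desc, first_match(src)) for desc, src in PACKETS]

if __name__ == "__main__":
    for desc, hit in report():
        print(f"{desc:36s} -> {'denied by rule %d (%s)' % hit if hit else 'not matched'}")
```

The client's inbound packet is not matched by either rule, but every packet the instance sends from its 172.31.x.x address matches the first rule's 172.16.0.0/12 entry, so no reply ever leaves the host.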